Senate Bill: 1338
Arizona Revised Statute: §44-7501
Effective Date: December 31, 2006
Definition of Personal information: An individual's first name or first initial and last name in combination with any one or more of the following data elements, when the data element is not encrypted, redacted or secured by any other method rendering the element unreadable or unusable:
(a) Social security number;
(b) Number on a driver license issued pursuant to section 28-3166 or number on a nonoperating identification license issued pursuant to section 28-3165; or
(c) Financial account number or credit or debit card number in combination with any required security code, access code or password that would permit access to the individual's financial account.
Summary: When any person or entity (“entity”) that conducts business in Arizona and that owns or licenses unencrypted computerized data that includes personal information becomes aware of an incident of unauthorized acquisition and access to unencrypted or unredacted computerized data that includes an individual's personal information, the entity shall conduct a reasonable investigation to promptly determine if there has been a breach of the security system. If the investigation results in a determination that there has been a breach in the security system, the entity shall notify the individuals affected. The notice shall be made in the most expedient manner possible and without unreasonable delay subject to the needs of law enforcement and any measures necessary to determine the nature and scope of the breach, to identify the individuals affected or to restore the reasonable integrity of the data system.